top of page
  • Writer's pictureMehran Jalaei

Smishing Attempt - Real Example

This is a real example of a recent smishing text message sent to Detective Superintendent Neil Jones’ personal phone on the 30th of May at 8.12 pm.


Smishing attempts are a common method of attack, with cyber attackers often posing as well-known organisations. In this case, the fraudsters pretend to be PayPal, claiming there is an issue with an existing account. Note the sense of urgency in the message; this is a common tactic and is used in extortion attempts.


If you receive a text message asking you to click, you must stop and check the URL before you click or give away any sensitive data. As you can see in this attempt, the second part of the URL is caseid4359.com, which is very unusual for a company like PayPal. Some attempts are more convincing than others though, like subtle changes to a URL to make it look authentic such as pay.pal.com.


The Cyber Resilience Centre always recommends researching the full URL using https://who.is. This website will verify when the domain was registered and who it belongs to. You can also contact the account provider directly to check whether the message or email is real.


In this case, the WHO.IS search on caseid4359.com shows it was created at 5.21 pm on Saturday, 30th May, just 3 hours before the smishing text was sent? Therefore, the domain was likely registered specifically for the smishing campaign. The registrar's details suggest the fraudsters are located in the Netherlands.


Comments


How can we support your business?

Phishing 292 x 219px.png

Raise your staff's awareness of phishing emails and guard your business against the growing trend of social-engineering threats.

 

Training your employees on what a phishing attack looks like makes them more likely to identify and report scams.

security awareness training.png

Our training package is designed and delivered by cyber experts giving you access to the most up-to-date information in an ever-changing cyber landscape.

You can purchase single-place training spots or a cyber security workshop.

Community Members

Our premium membership package is aimed at medium-sized businesses and includes bespoke security awareness training sessions.

 

This allows your business to train several cyber security champions and an assessment of your cyber risk. 

bottom of page